Security control system for granting access and security control method thereof

ABSTRACT

The present invention provides a method for granting a visitor access into a premise. The security control method includes determining an identification tag, transmitting the identification tag to the visitor, scanning the identification tag of the visitor, authenticating the identification tag, generating an approving signal upon positive authentication of the identification tag, dispensing an identification token to the visitor upon receiving the approving signal, scanning the identification token of the visitor, and authenticating the identification token to grant the visitor access into the premise. The present invention further provides a security control system for the security control method.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a national stage application under 35 U.S.C. §371 ofinternational application no. PCT/SG2014/000302, filed Jun. 25, 2014,which is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

The present invention relates to a security control system configured togrant a visitor access into a premise and a security control methodthereof.

BACKGROUND

In premises which require security function, it is common to findsecurity personnel at a certain position e.g. a building entrance,reception counter, loading bay, car park entrance etc. of the premise.Usually, there is at least a security guard/concierge in the position toscreen visitors whom will use some form of identification in exchangefor security passes to enter the premises.

In some cases, the level of security screening is relatively low. Thescreening of the visitor may not be properly carried out due to thehuman factors. As such, the registration process at the securityposition may serve little or no purpose. Further, there is also verylittle control over the whereabouts/movements of visitors after theissuance of the security passes. It is common to hear that high securitypremises with well-equipped security devices experience securitybreaches. To improve security of the premises, the building owners mayincrease the number of security personnel. However, more often than not,the increase the number of security personnel does not translate tobetter security in the premises. In some cases, the security personneldoes not even screen visitors and let the visitors have free access tothe premise. In such case, it is not possible to know who and whenentered or left the premises, let alone knowing who has not left thepremise after operation hours.

Therefore, it is necessary to implement a security control system andsecurity control method to overcome the problems above.

SUMMARY

According to various embodiments, the present invention provides asecurity control method for granting a visitor access into a premise.The security control method includes determining an identification tag;transmitting the identification tag to the visitor; scanning theidentification tag of the visitor; authenticating the identificationtag; generating an approving signal upon positive authentication of theidentification tag; dispensing an identification token to the visitorupon receiving the approving signal; scanning the identification tokenof the visitor; and authenticating the identification token to grant thevisitor access into the premise.

According to various embodiments, the security control method includesreceiving personal data of the visitor.

According to various embodiments, the security control method furthercomprises authenticating the personal data.

According to various embodiments, the security control method furthercomprises receiving the identification token from the visitor.

According to various embodiments, the security control method furtherincludes authenticating the identification token.

According to various embodiments, the security control method includestransmitting the identification tag comprises electronic transmission.

According to various embodiments, the security control method includesscanning the identification tag comprises optically scanning theidentification tag.

According to various embodiments, the security control method furtherincludes reproducing the identification tag.

According to various embodiments, reproducing the identification tagincludes at least one of printing the identification tag on a printablemedia or displaying the identification tag on a screen of an electronicdevice.

According to various embodiments, the identification tag includes anoptically readable image.

According to various embodiments, the optically readable image includesat least one of a barcode or a quick response code.

According to various embodiments, scanning the identification tokenincludes at least one of radio-frequency scanning or magnetic scanning.

According to various embodiments, the identification token includes atleast one of radio-frequency identification chip or magneticallyreadable portion.

According to various embodiments, the present invention provides asecurity control system configured to grant a visitor access into apremise. The security control system includes a determination circuitconfigured to determine an identification tag; a transmitter configuredto transmit the identification tag to a visitor; a first scannerconfigured to scan the identification tag of the visitor; a firstauthentication circuit configured to authenticate the identificationtag; a generator configured to generate an approving signal uponpositive authentication of the identification tag; a dispenserconfigured to dispense an identification token; a second scannerconfigured to scan the identification token; and a second authenticationcircuit configured to authenticate the identification token to grant thevisitor access into the premise.

According to various embodiments, the security control system isconfigured to receive personal data of the visitor.

According to various embodiments, the first authentication circuit isconfigured to authenticate the personal data.

According to various embodiments, the security control system furtherincludes a receiver adapted to receive the identification token.

According to various embodiments, the identification tag includes anoptically readable image.

According to various embodiments, the optically readable image includesat least one of a barcode or a quick response code.

According to various embodiments, the identification token includes atleast one of a radio-frequency identification chip or magneticallyreadable portion.

The present invention provides a security control system and a securitycontrol method to overcome the problems mentioned above. The presentinvention provides a higher level of security screening to a premise andaccounts for the whereabouts of visitors within the premise. Thesecurity control system and security control method may also allowminimal, if not, does not require security personnel to be at thesecurity positions. In this way, the demand for manpower can be reducedthereby providing cost savings in manpower resource.

The security control system of the present invention provides a SelfService Kiosk which can be used to complement existing security systemsas it may be used hand in hand with security systems usingidentification tokens, e.g. security pass, and gantry access to dispenseidentification tokens. Self Service Kiosk may be used together with asecurity access system, e.g. security pass system, to become a SecurityKiosk, which is an integration of the building security access systemand the Self Service Kiosk. Self Service Kiosk may be used to enhanceexisting security access systems and may be used to overcome thedisadvantages of the present security scenarios as described in thebeginning and provide a better security screening procedure andminimizes security lapse. It is an object of the present invention toachieve high security screening e.g. achieving 100% security screening,and to provide a highly reliable security solution to ensure betteraccess control and movement monitoring of visitors within the premise.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a schematic diagram of a security control system accordingto various embodiments;

FIG. 2 shows a schematic diagram of a security control system accordingto various embodiments; and

FIG. 3 shows a security control method of using the security controlsystem in FIG. 1

DETAILED DESCRIPTION

FIG. 1 shows a security control system 100. Security control system 100is configured to grant a visitor 10 access into a premise 20, e.g.compound, building, office. Security control system 100 includes adetermination circuit 110 configured to determine an identification tag12, a transmitter 120 configured to transmit the identification tag 12to a visitor 10, a first scanner 130 configured to scan theidentification tag 12 of the visitor 10, a first authentication circuit140 configured to authenticate the identification tag 12, a signalgenerator 150 configured to generate an approving signal upon positiveauthentication of the identification tag 12, a dispenser 160 configuredto dispense an identification token 14, a second scanner 170 configuredto scan the identification token 14 and a second authentication circuit180 configured to authenticate the identification token 14 to grant thevisitor 10 access into the premise 20.

In other words, the security control system 100 can be a self-servicekiosk for issuing an identification token, e.g. security pass, to avisitor. Security control system 100 allows a host 30 from the premise20 to issue an identification tag 12 to a visitor 10 beforehand, e.g.before reaching the premise 20, and allows the visitor 10 to use theidentification tag 12 to exchange for an identification token 14 so asto gain access into the premise 20. Host 30 may be a person whoinitiates the transmission of the identification tag 12. Host 30 may bea tenant of the premise and/or a security personnel. Security controlsystem 100 may determine an identification tag 12 when requested by thehost 30. Upon determining the identification tag 12, the host maytransmit the identification tag 12 to the visitor 10 using thetransmitter 120. Visitor 10 may scan the identification tag 12 at thefirst scanner 130 when the visitor 10 is at the premise 20. Whenscanned, the first authentication circuit 140 authenticates theidentification tag 12 to determine if the identification tag 12 isvalid. If so, an approving signal will be sent to the dispenser 160 todispense the identification token 14. Visitor 10 may then use theidentification token 14 to gain access into the premise 20.

Security control system 100 may include a registration module (not shownin FIG. 1) for registering the identity of the host 30 when initiatingthe determination and transmission of the identification tag 12 to thevisitor 10. Host 30 may have a security access code, e.g. password, tolog on to the registration module before the initiation. When the host30 logs on to the registration module to initiate the determination andtransmission, the security control system 100 would be able to capturethe personal data of the host 30 which is tagged to the security accesscode to identify the host 30. In this way, it is possible to retrievethe identity of the person who authorizes the access of a visitor.

Determination circuit 110 may be connected to the transmitter 120.Determination circuit 110 may be connected to the transmitter 120 via abus, e.g. wire, optical fibre. Determination circuit 110 may determinean identification tag 12 and transmit the identification tag 12.Determination circuit 110 may transmit an identification tagelectronically to the transmitter 120. Transmitter 120 may then transmitthe identification tag 12 electronically to the visitor 10.

FIG. 2 shows a schematic diagram according to various embodiments. Asshown in FIG. 2, the determination circuit 110 may be connected to acentral processor 102, e.g. a CPU, configured to process signals.Central processor 102 may be connected to a data storage 104 configuredto store data, e.g. identification tag, visitor personal and accessdata. Determination circuit 110 may generate the identification tag 12.Determination circuit 110 may retrieve the identification tag 12 fromthe data storage 104.

Transmitter 120 may be an electronic device configured to transmit theidentification tag 12 to the visitor 10. Transmitter 120 may beconnected to the central processor 102. Transmitter 120 may be acomputer terminal having email application configured to allow a host 30to transmit email to the visitor 10. Transmitter 120 may be acommunication device configured to allow the host 30 to transmit theidentification tag 12, e.g. an image, to the visitor. Communicationdevice may be a mobile device, e.g. mobile phone.

Identification tag 12 may include an optically readable image. Opticallyreadable image may include at least one of a barcode or a quick responsecode. Optically readable image may be transmitted via the internet ormobile communication system. Optically readable image may be transmittedvia email to a visitor or via short message service (SMS) or the like.

First scanner 130 may be an optical scanner configured to scan theidentification tag 12. Visitor 10 may reproduce the identification tag12 for the purpose of having the identification tag 12 scanned by thefirst scanner 130. First scanner 130 may be an image capturing device,e.g. camera. As shown in FIG. 2, the first scanner 130 may be connectedto the central processor 102 such that the first scanner 130 maytransmit an image signal of the identification tag 12 to the centralprocessor 102. Central processor 102 may transmit the image signal tothe first authentication circuit 140.

Visitor 10 may reproduce the identification tag 12 by printing it onto aprintable media, e.g. paper, or displaying identification tag 12 ontothe screen of a mobile device, e.g. mobile phone. For a printable media,the first scanner 130 may be an optical scanner to scan theidentification tag 12 or an image capturing device to capture theidentification tag 12. For a screen of a mobile device displaying theidentification tag 12, the first scanner 130 may be an image capturingdevice for capturing an image of the identification tag 12 on screenbefore authenticating it.

Security control system 100 may be configured to receive personal dataof the visitor 10. Host 30 may request for personal data of visitor 10to be provided for authentication and/or recording purpose. Personaldata may be stored in the data storage 104.

First authentication circuit 140 may be configured to authenticate theidentification tag 12 upon receiving the image signal. Firstauthentication circuit 140 may be connected to the central processor102. Central processor 102 may retrieve authentication data ofidentification tag 12 from the data storage 104. First authenticationcircuit 140 may authenticate the image signal of the identification tag12 based on the authentication data. First authentication circuit 140may be connected to the signal generator 150 such that upon positiveauthentication of the image signal, the first authentication circuit 140may activate the signal generator 150 to generate an approving signal.Signal generator 150 may be connected to the central processor 102.First authentication circuit 140 may be connected to the dispenser 160.Upon generating the approving signal, the signal generator 150 maytransmit the approving signal to the dispenser 160 to dispense theidentification token 14.

First authentication circuit 140 may be configured to authenticate thepersonal data of the visitor 10. At the time of scanning theidentification tag 12, a terminal having a user interface may beprovided for the visitor 10 to enter personal data. Upon receipt of thepersonal data, the first authentication circuit 140 may authenticate thepersonal data based on the personal data store in the data storage 104.Upon positive authentication of the identification tag 12 and thepersonal data, the first authentication circuit 140 may activate thesignal generator 150 to generate an approving signal. Firstauthentication circuit 140 may be connected to the dispenser 160. Upongenerating the approving signal, the signal generator 150 may transmitthe approving signal to the dispenser 160 to dispense the identificationtoken 14.

Dispenser 160 may be a dispensing machine configured to dispenseidentification tokens 14. Visitor 10 may receive the identificationtoken 14 from the dispenser 160 upon scanning and positiveauthentication of the identification tag 12. Dispenser 160 may beconfigured to encode the identification token 14 with access data, e.g.personnel information, time and date, duration of access. Dispenser 160may be connected to the central processor 102 to retrieve or send datafrom or to the central processor 102.

Identification token 14 may include an optically readable image.Optically readable image may include at least one of a barcode or aquick response code. Identification token 14 may be a magnetic tokenwhereby the identification token 14 may be “scanned” magnetically.Identification token 14 may include a magnetically readable portion.Identification token 14 may be a radio-frequency identification (RFID)tag. Identification token 14 may include an RFID chip. Identificationtoken 14 may be in the form of a card, stick, or button, e.g. securitypass. Identification token 14 may be embedded with security features inthe form of at least one of a micro-chip, magnetic strip or RFID etc.Identification token 14 may be scanned at the second scanner 170.

Second scanner 170 may be at least one of an optical scanner, magneticscanner or an RFID scanner. Second scanner 170 may be connected to thesecond authentication circuit 180. Upon scanning the identificationtoken 14, a scanned signal may be transmitted to the secondauthentication circuit 180 whereby the scanned signal may beauthenticated. Second authentication circuit 180 may be connected to thecentral processor 102. Central processor 102 may retrieve authenticationdata from the data storage 104 via the central processor 102 andauthentication of the scanned signal of the identification token 14 maybe based on the authentication data. Upon positive authentication of theidentification token 14, the visitor 10 may be allowed access into thepremise 20.

Premise 20, as shown in FIG. 1, may include a gate 22 adapted to controlthe access of the visitor 10 into the premise 20. Security controlsystem 100 may be connected to the gate 22 whereby the security controlsystem 100 is configured to control the operation of the gate 22 betweena closed configuration to prevent the visitor 10 from entering thepremise 20 and an open configuration to allow the visitor 10 access intothe premise 20. Upon positive authentication of the identification token14, the control the gate 22 may be opened to allow the visitor 10 accessinto the premise. Gate 22 may be a kiosk, turnstile or gantry withanti-tailgating feature, a door etc.

Referring to FIG. 1, the security control system 100 may include areceiver 190 adapted to receive the identification token 14. When avisitor 10 is about to leave the premise 20, the visitor 10 may returnthe identification token 14 to the receiver 190. Receiver 190 may beconfigured to identify the identification token 14 and extract accessdata from the data storage 104 based on the identification token 14,e.g. time of departure, areas visited. Referring to FIG. 2, the receiver190 may be connected to the central processor 102. Receiver 190 and thedispenser 160 may be connected to each other. Receiver 190 and thedispenser 160 may be housed together such that identification tokens 14received by the receiver 190 may be transferred to the dispenser 160 tobe dispensed to the next visitor. Premise 20 may include scannerstherein for the visitor 10 to scan the identification token 14 when thevisitor to enter an area, e.g. room, within the premise 20. In this way,the security control system 100 is able to register the time and areawhen and where the visitor 10 has accessed. Host 30 may have theauthority to restrict access to certain areas within the premise 20,e.g. car lift, levels, rooms. In this case, the host 30 may provide thevisitor 10 with limited access to only a certain areas within thepremise 20. By receiving and registering the identification tokens 14,the security control system 100 is able to find out if there are anymore visitors 10 within the premise 20 at the end of a working day orday. At the same time, the security control system 100 would be able totrack the movement of the visitor 10 within the premise 20.

FIG. 3 shows a security control method 1000 for granting the visitor 10access into the premise 20. In 1100, the identification tag 12 is beingdetermined. Identification tag 12 is being transmitted to the visitor 10in 1200. In 1300, the identification tag 12 of the visitor 10 is beingscanned. In 1400, the identification tag 12 is being authenticated. Uponpositive authentication of the identification tag 12, an approvingsignal is being generated in 1500. In 1600, the identification token 14is being dispensed to the visitor 10 upon receiving the approvingsignal. In 1700, the identification token 14 of the visitor 10 is beingscanned. In 1800, the identification token 14 is being authenticated soas to grant the visitor 10 access into the premise 20.

FIG. 3 shows the security control method 1000 being used for securitypurposes. When the host 30 is expecting the visitor 10 to visit thepremise 20, the host 30 may determine the identification tag 12 usingthe determination circuit 110 and transmit the identification tag 12 tothe visitor 10 using the transmitter 120. Host 30, who is aware of thedate and time of the visit, may define the date and time that theidentification tag 12 may be valid for access. Host 30 may also definethe duration that the visitor 10 may stay in the premise. Host 30 maytransmit the identification tag 12 via electronic transmission. Host 30may transmit the identification tag 12 via an email or short messagefrom his or her computer terminal and/or mobile device respectively tothe visitor 10. Visitor 10 may receive the identification tag 12 on hisor her computer terminal and/or mobile device. For additional security,the host 30 may require the visitor 10 to provide personal data forauthentication and/or recording purposes. Visitor 10 may then forwardthe required personal data to the host 30 electronically or via phone.Security control system 100 may then receive personal data of thevisitor 10 and store the personal data into the data storage.

Visitor 10, when visiting the premise 20 of the host 30, may reproducethe identification tag 12 by printing the identification tag 12 onto aprintable media beforehand or displaying the identification tag 12 ontothe screen of an electronic device, e.g. mobile device. Visitor 10 maydisplay the identification tag 12 to be scanned by the first scanner130.

Identification tag 12 may be scanned optically by the first scanner 130.Scanning the identification token 14 may include radio-frequencyscanning and/or magnetic scanning. First scanner 130 may scan theidentification tag 12 and transmit an image signal of the identificationtag 12 to the central processor 102 which may in turn transmit the imagesignal to the first authentication circuit 140.

Visitor 10 may be required to provide personal data via the userinterface of the terminal. First authentication circuit 140 mayauthenticate the identification tag 12, and the personal data ifnecessary, based on the authentication data and personal data stored inthe data storage 104. If the authentication is positive, the firstauthentication circuit 140 may activate the signal generator 150 togenerate an approving signal and transmit the approving signal to thedispenser 160 to dispense the identification token 14 to the visitor 10.On the other hand, if the authentication is negative, the securitycontrol system 100 will inform the visitor accordingly and deny thevisitor 10 access into the premise 20.

Visitor 10, upon receiving the identification token 14, may produce theidentification token 14 at the second scanner 170 for scanning. Based onthe limitations set out by the host 30, the identification token 14 maybe configured to define the duration and areas within the premises thatthe visitor 10 may stay. Upon scanning, a scanned signal may betransmitted to the second authentication circuit 180 to beauthenticated. Identification token 14 may be authenticated.Authentication of the identification token 14 may be based on theauthentication data stored in the data storage 104. If theauthentication is positive, the gate 22 may be opened to allow thevisitor 10 access into the premise 20. However, if the authentication isnegative, the gate 22 will remain in the closed configuration to preventaccess into the premise 20.

When the visitor 10 is leaving the premise 20, the visitor 10 may returnthe identification token 14 to the receiver 190. Identification token 14may be received from the visitor 10 and retained by the receiver 190.When the receiver receives the identification token 14, the receiver 190may be able to obtain information of the visitor 10, e.g. time when thevisitor 10 leaves the premise 20, areas in the premise 20 where thevisitor 10 has accessed. Security control system 100 may be configuredto notify the host 30 should the visitor 10 stay past a defined durationor a defined end time of the visit. Host 30 may be provided with theauthority to postpone the time that the visitor is allowed to stay till.Host 30 may access e.g. log on, the registration module to postpone thetime. Security control system 100 may be configured to generate thenumber of visitors 10 remaining in the premise 20 at any point in time.Security control system 100 may be configured to generate a list ofvisitor names and/or the location of the visitors at any point in timewhen requested by the host 30 or a security personnel authorized to doso. In this way, it is possible useful for the host 30 or the securitypersonnel to know who and where a visitor is or the visitors are at anypoint in time when need be, e.g. during an emergency evacuation.

As shown, the security control method 1000 and security control system100 provides high security to a premise 20. Visitor 10 to a premise 20is known beforehand by the host 30. In a way, the visitor 10 is screenedby the host 30 before the visit. At the same time, the host 30 knows thevisitor 10 before authorizing the visitor 10 entry into the premise 20and transmitting the identification tag 12 to the visitor 10. Visitor 10visiting the premise 20 does not require assistance from a securitypersonnel and is able to access the premise 20 at his or her conveniencewithin the allocated time of visit as determined by the host 30. In thisway, all visitors 10 to the premise 20 are screened without the risk ofnot screening any visitor 10. In addition, the location of the visitor10 at any time may be known to the host 30 and the duration of the visitby the visitor 10 may be known. At the end of each day, the host 30would be able to know if all the visitors 10 have left the premise 20 sothat security overnight would not be compromised by visitors 10 whointentionally stay behind. Visitors 10 may be any person who does nothave a valid security permit and wishes to enter the premise, includingstaffs who are working in the premise.

The security control system 100 may comprise a memory which is forexample used in the processing carried out by the security controlmethod. A memory used in the embodiments may be a volatile memory, forexample a DRAM (Dynamic Random Access Memory) or a non-volatile memory,for example a PROM (Programmable Read Only Memory), an EPROM (ErasablePROM), EEPROM (Electrically Erasable PROM), or a flash memory, e.g., afloating gate memory, a charge trapping memory, an MRAM(Magnetoresistive Random Access Memory) or a PCRAM (Phase Change RandomAccess Memory).

In an embodiment, a “circuit” may be understood as any kind of a logicimplementing entity, which may be special purpose circuitry or aprocessor executing software stored in a memory, firmware, or anycombination thereof. Thus, in an embodiment, a “circuit” may be ahard-wired logic circuit or a programmable logic circuit such as aprogrammable processor, e.g. a microprocessor (e.g. a ComplexInstruction Set Computer (CISC) processor or a Reduced Instruction SetComputer (RISC) processor). A “circuit” may also be a processorexecuting software, e.g. any kind of computer program, e.g. a computerprogram using a virtual machine code such as e.g. Java. Any other kindof implementation of the respective functions which will be described inmore detail below may also be understood as a “circuit” in accordancewith an alternative embodiment.

The invention claimed is:
 1. A security control method for granting avisitor access into a premise comprising: determining an identificationtag; transmitting the identification tag to the visitor; scanning theidentification tag of the visitor; authenticating the identificationtag; generating an approving signal upon positive authentication of theidentification tag; dispensing an identification token to the visitorupon receiving the approving signal; scanning the identification tokenof the visitor; and authenticating the identification token to grant thevisitor access into the premise.
 2. The security control method of claim1, further comprising receiving personal data of the visitor.
 3. Thesecurity control method of claim 2, further comprising authenticatingthe personal data.
 4. The security control method of claim 1, furthercomprising receiving the identification token from the visitor.
 5. Thesecurity control method of claim 4, further comprising authenticatingthe identification token.
 6. The security control method of claim 1,wherein transmitting the identification tag comprises electronictransmission.
 7. The security control method of claim 1, whereinscanning the identification tag comprises optically scanning theidentification tag.
 8. The security control method of claim 1, furthercomprising reproducing the identification tag.
 9. The security controlmethod of claim 8, wherein reproducing the identification tag comprisesat least one of printing the identification tag on a printable media ordisplaying the identification tag on a screen of an electronic device.10. The security control method of claim 1, wherein the identificationtag comprises an optically readable image.
 11. The security controlmethod of claim 10, wherein the optically readable image comprises atleast one of a barcode or a quick response code.
 12. The securitycontrol method of claim 1, wherein scanning the identification tokencomprises at least one of radio-frequency scanning or magnetic scanning.13. The security control method of claim 1, wherein the identificationtoken comprises at least one of radio-frequency identification chip ormagnetically readable portion.
 14. A security control system configuredto grant a visitor access into a premise, the security control systemcomprising: a determination circuit configured to determine anidentification tag; a transmitter configured to transmit theidentification tag to the visitor; a first scanner configured to scanthe identification tag of the visitor; a first authentication circuitconfigured to authenticate the identification tag; a generatorconfigured to generate an approving signal upon positive authenticationof the identification tag; a dispenser configured to dispense anidentification token; a second scanner configured to scan theidentification token; and a second authentication circuit configured toauthenticate the identification token to grant the visitor access intothe premise.
 15. The security control system of claim 14, wherein thesecurity control system is configured to receive personal data of thevisitor.
 16. The security control system of claim 15, wherein the firstauthentication circuit is configured to authenticate the personal data.17. The security control system of claim 14, further comprising areceiver adapted to receive the identification token.
 18. The securitycontrol system of claim 14, wherein the identification tag comprises anoptically readable image.
 19. The security control system of claim 18,wherein the optically readable image comprises at least one of a barcodeor a quick response code.
 20. The security control system of claim 14,wherein the identification token comprises at least one of aradio-frequency identification chip or magnetically readable portion.